Can we admit that Obama has a really big stick?

Health insurance rip off lying FDA big bankers buying
Fake computer crashes dining
Cloning while they're multiplying
Fashion shoots with Beck and Hanson
Courtney Love, and Marilyn Manson
You're all fakes
Run to your mansions
Come around
We'll kick your ass in

Postby clothbound » Thu Apr 26, 2012 6:22 pm

So we’ve still got a lot of work to do to rebuild this economy so that it lasts, so that it’s solid, so that it’s firm. But what I want you to know is that the degree you earn from UNC will be the best tool you have to achieve that basic American promise -- the idea that if you work hard, you can do well enough to raise a family and own a home, send your own kids to college, put a little away for retirement. (Applause.) That American Dream is within your reach. (Applause.)

And there’s another part of this dream, which is the idea that each generation is going to know a little bit more opportunity than the last generation. That our kids -- I can tell you now as a parent -- and I guarantee you, your parents feel this about you -- nothing is more important than your kid’s success. You want them to do better than you did. (Applause.) You want them to shoot higher, strive more, and succeed beyond your imagination.

So keeping that promise alive is the defining issue of our time. I don’t want this to be a country where a shrinking number of Americans are doing really, really well, but a growing number of people are just struggling to get by. That’s not my idea of America. (Applause.) I don’t want that future for you. I don’t want that future for my daughters. I want this forever to be a country where everybody gets a fair shot and everybody is doing their fair share, and everybody is playing by the same set of rules. (Applause.) That’s the America I know and love. That’s the America within our reach.


Overall, I get what he's selling here and think it's a positive thing. However, a fair shot? Like the lottery? A lot of what he's saying is just off the mark, more like a dog dreaming of chasing rabbits than an American Dream.
User avatar
clothbound
 
Posts: 318
Joined: Mon Mar 29, 2010 8:31 pm
Location: Minneapolis

Postby Shalabi » Thu Apr 26, 2012 6:59 pm

He's done that before, last year:

http://www.youtube.com/watch?v=g9t97kDI68k&t=2m29s

In the end, the folks I hear from in letters or meet when I travel across the country – they aren’t asking for much. They’re just looking for a job that covers their bills. They’re just looking for a little financial security. They want to know that if they work hard and live within their means, everything will be all right. They’ll be able to get ahead, and give their kids a better life. That’s the dream each of us has for ourselves and our families. And so long as I have the privilege of serving as President, I’ll keep fighting to put that dream within reach for all Americans. Have a great weekend, everybody.
User avatar
Shalabi
 
Posts: 15569
Joined: Mon Dec 14, 2009 6:52 pm
Location: oc, ca

Postby can » Thu Apr 26, 2012 10:58 pm

i'm not sure what your problem is with that wording

the idea is equal opportunity, no? how would you expect him to phrase it
User avatar
can
 
Posts: 8360
Joined: Tue Dec 15, 2009 12:54 am

Postby grammatron » Fri Apr 27, 2012 7:25 am

Yeah I don't get that complaint either.
User avatar
grammatron
 
Posts: 54669
Joined: Mon Dec 14, 2009 5:01 pm
Location: C-17

Postby chandler » Fri Apr 27, 2012 8:32 am

He better veto CISPA, or he's losing my vote
i've been getting really into pestcest too lately. haven't really been able to find much good ant stuff, though. anybody have any links to some good biting vids/pics?
User avatar
chandler
 
Posts: 9694
Joined: Mon Dec 14, 2009 8:15 pm

Postby mcwop23 » Fri Apr 27, 2012 8:43 am

SERIOUSLY GUYS wrote:He better veto CISPA, or he's losing my vote


Out of curiosity would you simply not vote in the election or vote for Romney?
Image
wendy wrote:
colin meloy doesn't need to die
User avatar
mcwop23
bitchez ain't shit but pups and licks
 
Posts: 66541
Joined: Mon Dec 14, 2009 6:56 pm
Location: Jacksonville, FL

Postby chandler » Fri Apr 27, 2012 8:48 am

I would probably not vote for any presidential candidate
i've been getting really into pestcest too lately. haven't really been able to find much good ant stuff, though. anybody have any links to some good biting vids/pics?
User avatar
chandler
 
Posts: 9694
Joined: Mon Dec 14, 2009 8:15 pm

Postby ~> :? :? » Fri Apr 27, 2012 8:50 am

it's pretty unlikely cispa even makes it to Obama
User avatar
~> :? :?
ride.
 
Posts: 7571
Joined: Mon Dec 14, 2009 2:48 pm

Postby The Dirty Turtle » Fri Apr 27, 2012 8:50 am

something like cispa needs to pass immediately, though not saying the current language in cispa is totally appropriate
its not sopa
User avatar
The Dirty Turtle
ok
 
Posts: 38791
Joined: Tue Dec 15, 2009 4:04 am
Location: Cannot be found

Postby chandler » Fri Apr 27, 2012 8:56 am

An ISP is not required to shield any personally identifying data of its customers when it believes it has detected threats, which include attack signatures, malicious code, phishing sites or botnets. In short, the measure seeks to undo privacy laws that generally forbid ISPs from disclosing customer communications with anybody else unless with a court order.

The bill immunizes ISPs from privacy lawsuits for voluntarily disclosing customer information thought to be a security threat. Internet companies are also granted anti-trust protection to immunize them against allegations of colluding on cybersecurity issues. The measure is not solely limited to cybersecurity, and includes the catchall phrase “national security” as a valid reason for turning over the data.



yes, something like that needs to be passed immediately
i've been getting really into pestcest too lately. haven't really been able to find much good ant stuff, though. anybody have any links to some good biting vids/pics?
User avatar
chandler
 
Posts: 9694
Joined: Mon Dec 14, 2009 8:15 pm

Postby carlperkins » Fri Apr 27, 2012 8:57 am

seriously guys i'd been wondering how you would vote in this election. keep us updated.
User avatar
carlperkins
 
Posts: 12563
Joined: Wed May 26, 2010 2:20 am

Postby Ankh » Fri Apr 27, 2012 8:59 am

whatever it takes to stop meme culture
User avatar
Ankh
senior fellow
 
Posts: 20738
Joined: Mon Jan 11, 2010 10:01 am
Location: the gracious core

Postby Mean Princess » Fri Apr 27, 2012 9:05 am

mcwop23 wrote:
SERIOUSLY GUYS wrote:He better veto CISPA, or he's losing my vote


Out of curiosity would you simply not vote in the election or vote for Romney?

What reason is there to vote if you think both candidates aren't looking out for your best interests? Obama's definitely done some pretty indefensible things the last couple years. That doesn't mean Romney is any better, just that it's becoming morally difficult to support Obama.
User avatar
Mean Princess
 
Posts: 1302
Joined: Sun Feb 26, 2012 9:06 pm

Postby Ankh » Fri Apr 27, 2012 9:07 am

come on
User avatar
Ankh
senior fellow
 
Posts: 20738
Joined: Mon Jan 11, 2010 10:01 am
Location: the gracious core

Postby Frank » Fri Apr 27, 2012 9:09 am

a vote for romney or obama is a a vote for meme culture, ankh
im that guy who got dog diarrhea in his beard
User avatar
Frank
 
Posts: 28424
Joined: Mon Dec 14, 2009 4:34 pm
Location: :ahuh:

Postby mcwop23 » Fri Apr 27, 2012 9:18 am

Mean Princess wrote:
mcwop23 wrote:
SERIOUSLY GUYS wrote:He better veto CISPA, or he's losing my vote


Out of curiosity would you simply not vote in the election or vote for Romney?

What reason is there to vote if you think both candidates aren't looking out for your best interests? Obama's definitely done some pretty indefensible things the last couple years. That doesn't mean Romney is any better, just that it's becoming morally difficult to support Obama.


Username/post
Image
wendy wrote:
colin meloy doesn't need to die
User avatar
mcwop23
bitchez ain't shit but pups and licks
 
Posts: 66541
Joined: Mon Dec 14, 2009 6:56 pm
Location: Jacksonville, FL

Postby ssshhhooo » Fri Apr 27, 2012 9:26 am

SERIOUSLY GUYS wrote:He better veto CISPA, or he's losing my vote

What state do you live in?
User avatar
ssshhhooo
 
Posts: 983
Joined: Tue Dec 15, 2009 2:47 am
Location: I-4

Postby chandler » Fri Apr 27, 2012 9:28 am

pa
i've been getting really into pestcest too lately. haven't really been able to find much good ant stuff, though. anybody have any links to some good biting vids/pics?
User avatar
chandler
 
Posts: 9694
Joined: Mon Dec 14, 2009 8:15 pm

Postby The Dirty Turtle » Fri Apr 27, 2012 10:32 am

so heres my take on cispa

i dunno if anyone here has noticed that theres been lots of breach deadlines over the course of the last few years and companies everywhere are losing all of your information faster than they can collect it. a lot of it was driven by anonymous, but anonymous isnt the group that the government is actually real concerned about. the best description i heard about anonymous and whether it was "cyber war" was an army storming across your boarder and then going immediately to the post office and standing in line in front of everyone.

govs, military contractors, major companies, etc. are worried about apt (advanced persistent threat). these types of attackers are often government sponsored and usually interested in long-term access to strategically significant computer networks. the term first became popular after operation aurora in 2009 when google found evidence that the chinese government was all up in their business (http://googleblog.blogspot.com/2010/01/ ... china.html), but since then more and more examples have been popping up. one of the most interesting ones was when someone broke into rsa to steal the information needed to compromise the session tokens, it is thought by most people that the information about the securid tokens was then used to attack lockheed martin, with the intention of stealing god knows what. im pretty sure lockheed contends that they got in, but didnt get anything that they wanted (which happens).

that said, when evidence of a breach like this starts to take place (and they happen all the time, they just might not wind up in headlines), the fbi is usually brought in to investigate and they classify most of what they find so people actually cant act on it. its the theory that you dont disturb the spider web, because as long as the web is still there, you know where the spider is. so they control the information so security vendors dont all of a sudden start blocking some ip address and tip off to some attacker that people are on to them, because the reality is that they still need more info.

this is where cispa comes in. gov and industry need a way to share classified stuff, specifically, signatures that go in network intrusion prevention systems. the way signatures work is that they look for malicious stuff in network traffic (whether thats like a flash object inside an excel document, or exploit code targeting a specific software vulnerability). anyway, they arent perfect and often times dont know exactly what they are looking for. false positives are a reality in every single intrusion prevention system on the planet because that is the nature of the technology that were talking about. not every threat looks the same on the network, so network protections need to look for weird stuff. maybe ive got a legitimate reason to embed a flash object inside an excel worksheet, but probably not, and if thats going over the wire you probably you want your network security technology flagging that.

so, in the case of apt, the government wants to ship classified signatures to private companies so that they can start looking for evidence of network intrusions that the gov is seeing somewhere. this is a borderline investigative process and the insight comes from when they start seeing the same stuff happening on a couple networks, or even different pieces of the puzzle. when the signature fires on a network, this is the specific information that everyone in the world who cares about security wants to make it easier to share. they want to take and share packet captures really quickly and do the whole "i see this happening, whatd you see, ok i saw this." its hard to understate how important this is.

however, like i said, the nature of ips signatures is that they do fire on legitimate network traffic sometimes. so, let's say i was sending a legit email with a flash object embedded in an excel s/s, and it was going across a network that had one of those classified government signatures that was looking for specifically that type of behavior, thats something that the company is then going to forward along, even though its my private communications and i havent done anything wrong. its the necessary evil.

however, where this all gets real questionable is around what the gov can write network ips signatures for. they could write signatures looking for certain types of plain text communication, put it under the banner of cyber security and then just run around with a public surveillance operation.

obviously no one wants that, but you should understand that the intent of this bill is not reprehensible in the same ways other recent cyber legislation has been (sopa).
User avatar
The Dirty Turtle
ok
 
Posts: 38791
Joined: Tue Dec 15, 2009 4:04 am
Location: Cannot be found

Postby The Dirty Turtle » Fri Apr 27, 2012 10:38 am

also they did just put an amendment in there that was trying to limit the scope:

‘‘(4) CYBER THREAT INTELLIGENCE.—
21 ‘‘(A) IN GENERAL.—The term ‘cyber
22 threat intelligence’ means intelligence in the
23 possession of an element of the intelligence
24 community directly pertaining to—
3
1 ‘‘(i) a vulnerability of a system or net
2 work of a government or private entity;
3 ‘‘(ii) a threat to the integrity, con
4 fidentiality, or availability of a system or
5 network of a government or private entity
6 or any information stored on, processed on,
7 or transiting such a system or network;
8 ‘‘(iii) efforts to degrade, disrupt, or
9 destroy a system or network of a govern
10 ment or private entity; or
11 ‘‘(iv) efforts to gain unauthorized ac
12 cess to a system or network of a govern
13 ment or private entity, including to gain
14 such unauthorized access for the purpose
15 of exfiltrating information stored on, proc
16 essed on, or transiting a system or network
17 of a government or private entity.
User avatar
The Dirty Turtle
ok
 
Posts: 38791
Joined: Tue Dec 15, 2009 4:04 am
Location: Cannot be found

Postby The Dirty Turtle » Fri Apr 27, 2012 10:40 am

the ppl ive seen who are still worried are concerned how this piece could be used though:

8 ‘‘(iii) efforts to degrade, disrupt, or
9 destroy a system or network of a govern
10 ment or private entity; or

in that "efforts" is pretty broad
User avatar
The Dirty Turtle
ok
 
Posts: 38791
Joined: Tue Dec 15, 2009 4:04 am
Location: Cannot be found

Postby clothbound » Fri Apr 27, 2012 11:07 am

can wrote:i'm not sure what your problem is with that wording

the idea is equal opportunity, no? how would you expect him to phrase it


Equal opportunity doesn't equal prosperity. It just equals a chance, a token for the slot machine. It's a swindle. That's the problem I was trying to point out. O assumes the American Dream is raising a family that you can send through the broken college system, landing in a little less debt, but nevertheless debt that you can eventually climb out of to retire with. Just enough. Meanwhile, his rich friends (Katzenberg!? Corzine!?) are still fucking us over with taxes that go to who knows how many of their covert economic conflicts against the Chinese. I'm just not buying it this time.
User avatar
clothbound
 
Posts: 318
Joined: Mon Mar 29, 2010 8:31 pm
Location: Minneapolis

Postby chandler » Fri Apr 27, 2012 11:18 am

this probably isn't the thread to discuss this but, whatever:

http://en.wikipedia.org/wiki/Security_through_obscurity

I'm a big opponent of ^ and CISPA and its ilk are meta-examples of that concept. bureaucracies (military, civilian govt, etc.) embrace it all too easily without sufficient critical thought given to the real-world implications of (loss of) privacy and the inevitable abuse of concentrating knowledge in the hands of a few...or if we're being appropriately cynical, perhaps this is exactly what the government and big business want. There is a reason Microsoft and Facebook are among its supporters. I'm no government paranoiac, but how can anyone be comfortable with the thought that ISPs would be shielded from lawsuits AND 'voluntarily' share information on US citizens without the need for a warrant? Orwellian, indeed.

Anyway, TDT, your support of CISPA seems based on the notion that this would increase our 'cyber-defenses', our ability to rapidly respond and share information regarding threats. In purely security engineering terms, as wikipedia points out, even the NIST recommends against STO.
i've been getting really into pestcest too lately. haven't really been able to find much good ant stuff, though. anybody have any links to some good biting vids/pics?
User avatar
chandler
 
Posts: 9694
Joined: Mon Dec 14, 2009 8:15 pm

Postby black mamba » Fri Apr 27, 2012 11:26 am

i believe the so called 'obscurity' is for investigative reasons, not a security strategy (as i think tdt pointed out)
Image
User avatar
black mamba
ok
 
Posts: 12802
Joined: Mon Dec 14, 2009 4:19 pm
Location: my fat fabulous life

Postby chandler » Fri Apr 27, 2012 11:28 am

The bill would allow the voluntary sharing of attack and threat information between the U.S. government and security cleared technology and manufacturing companies to ensure the security of networks against patterns of attack[5] ; the most recent version of the CISPA bill did not remove references to intellectual property.


sounds like a security strategy to me
i've been getting really into pestcest too lately. haven't really been able to find much good ant stuff, though. anybody have any links to some good biting vids/pics?
User avatar
chandler
 
Posts: 9694
Joined: Mon Dec 14, 2009 8:15 pm

Postby black mamba » Fri Apr 27, 2012 11:38 am

it's the sharing of information after the fact, in order to identify the entity that carried an attack out, not the obfuscation of information in the hope that no one will have the knowledge to circumvent security
Image
User avatar
black mamba
ok
 
Posts: 12802
Joined: Mon Dec 14, 2009 4:19 pm
Location: my fat fabulous life

Postby The Dirty Turtle » Fri Apr 27, 2012 11:52 am

first of all, security through obscurity is an entirely different concept and has nothing to do privacy, and has everything to do with trying to hide your security architecture and controls
im sure that wikipedia example talks about encryption because that was always a big discussion item with obscurity, some people saying theyd develop their own algorithm, others testing and trying to break public ones to make them stronger. that debate is basically over because no one can break the public ones and i cant recall ever reading a breach headline that happened as a result of someone breaking encryption...theres other stuff thats way easier
then security through obscurity might also be like "well, im not gonna advertise what AV i have, thatll get em!" except that every sophisticated attacker has every single av program in the world and before using their malware they make sure it gets through everything untouched
i mean its basically a bullshit concept altogether that was the equivalent of folding your hands and praying for the dear lords blessing, because if youre relying on a sophisticated attacker not figuring out stuff like that...well lol youre totally fucked

there is however a difference between that, and carefully considering what you do when you have a small piece of evidence about a significant attack, but need to understand a lot more about how far it reaches, what its end target might be, etc.

and do you want to know why facebook and microsoft are among its supporters...for microsoft its because a HUGE piece of the attack activity on the internet targets vulnerabilities in microsoft operating systems, office, etc. on the second tuesday of every month they do their patches drop and its called fucking "super tuesday" in the security world. its sounds like you might be familiar with some stuff in infosec, and if thats the case, you certainly are familiar with super tuesday. anyway, sometimes microsoft software gets 0dayed (advanced attacker exploits unknown vuln in the wild...there is no security defense for it anywhere), and then microsoft goes into firedrill mode trying to develop a patch and push it out...i guarantee you microsoft wants to be in the loop on this stuff as much as possible so that they can build and push security patches to their software faster

facebook is probably all about this for an entirely different reason, which is that they have an INSANE amount of data about people and as a result i am just about 100% sure that their network is under attack constantly. it could be anything from chinese government spying on people to an APT type threat trying to learn as much as they can about a person before crafting just about the most targeted spear phishing attack you could possibly imagine (ie. i see jim and bob went to vegas last month and met some hot chicks...let me just make the jim gmail account, drop this exploit inside a picture file, send an email to bob and be like, "bob, dude! i found this ridiculous picture of you with that girl from the MGM..remember her?!? man... crazy times brah!" boom, malware.

i would actually contend that this is the complete opposite of security through obscurity, in that they are trying to break down some barriers that make it difficult for .gov and .com to share information about threats on their networks.

this bill is going after people trying to steal missile specs, not the newest release from lady gaga. however, they just need to word it that way.
User avatar
The Dirty Turtle
ok
 
Posts: 38791
Joined: Tue Dec 15, 2009 4:04 am
Location: Cannot be found

Postby Guy Incognito » Fri Apr 27, 2012 11:54 am

you guys are going to ruin my daily phish vanity search
wendy wrote:It is not dank
User avatar
Guy Incognito
Infernal Dinosaur
 
Posts: 31009
Joined: Mon Dec 14, 2009 6:00 pm
Location: on lot

Postby chandler » Fri Apr 27, 2012 12:23 pm

TDT, I'm a Windows system engineer. I am aware of 0days and deal with them routinely.

I'm not entirely clear why this bill is needed at all, if its goal is 'going after people trying to steal missile specs'

is it legal to gain unauthorized access to networks? does lockeed martin use Comcast cable or Verizon FiOS as its ISP?...do you think lockheed doesn't already share information with its employers when it detects intrusion attempts? do you think the government already very strictly audits its missle(lol) and security vendors? do we need to 'obscure' investigations, ditching all those pesky and difficult to obtain warrants? warrants against whom, exactly...chinese and russian based IP addresses?

answer those questions, then get back to me
i've been getting really into pestcest too lately. haven't really been able to find much good ant stuff, though. anybody have any links to some good biting vids/pics?
User avatar
chandler
 
Posts: 9694
Joined: Mon Dec 14, 2009 8:15 pm

Postby The Dirty Turtle » Fri Apr 27, 2012 12:43 pm

i dont even understand the relevance of some of the things that you are asking

no its not legal to gain unauthorized access to networks, i cant randomly go break into whatever i want, which is why people like the fbi get involved
do i think lockheed shares information with its employers when it detects intrusion attempts? um, depends. lockheed probably sees about a billion+ security events on their network every single day and the extent to which they share info, or keep it close likely depends on the nature of the specific threat
do i think government looks closely at the security technology they put on their network, yea...i mean the DoD has various certifications they give different products, and i think mcafee has the only network ips with official DoD certification....however this has nothing to do with the government and private sector sharing signature files and packet captures with one another

as for why we would need to make it easier to share APT intel...because we are getting owned everywhere and constantly and if we dont make it easier to share info and protection were going to continue to get pummeled
User avatar
The Dirty Turtle
ok
 
Posts: 38791
Joined: Tue Dec 15, 2009 4:04 am
Location: Cannot be found

PreviousNext

Return to Don't. Let. Go. You’ve got the music in you.

Who is online

Users browsing this forum: beefbroth inthe shitpipes, CudNylon, Daft Pun, funkfunkfunk, gallits, gashed, Google [Bot], Grey Poupon, hilbert, hoopdog, neta, OKterrific, pablito, Pris, Prof. Horatio Hufnagel, pzadvance, rik pik, The Sunken Place, trouble, Zardoz